Security

Tag

#intel

Fresh Ransomware Gangs Emerge as Market Leaders Decline

The ransomware landscape is energized with the emergence of smaller groups and new tactics, while established gangs like LockBit see fewer victims.

DARKReading
#vulnerability #intel #zero_day
Mysterious Mystic Stealer Spreads Like Wildfire in Mere Months

A criminal crowd-sourcing campaign has led to swift adoption of the stealer, which can pilfer key computer data, credentials from browsers and chat apps, and cryptocurrency from multiple wallets.

Hackers Will Be Quick to Bypass Gmail's Blue Check Verification System

It's still important to use other security measures, such as strong passwords and two-factor authentication, to protect your data.

100,000 Hacked ChatGPT Accounts Discovered on Dark Web

By Waqas. Most of the hacked ChatGPT accounts originated from India, Pakistan, and Brazil. This is a post from HackRead.com.

Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces

Over 100,000 compromised OpenAI ChatGPT account credentials have found their way onto illicit dark web marketplaces between June 2022 and May 2023, with India alone accounting for 12,632 stolen credentials. The credentials were discovered within information stealer logs made available for sale on the cybercrime underground, Group-IB said in a report shared with The Hacker News. "The number of

CVE-2023-3325: CMS Commander <= 2.287 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature — Wordfence Intelligence

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to change the '_cmsc_public_key' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet; however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe.

CVE-2023-3320: WP Sticky Social <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Wordfence Intelligence

The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

Data Breach at New BreachForums: 4,000 members’ data leaked

By Waqas. BreachForums is a recently resurfaced alternative to the popular hacker and cybercrime forum, Breach Forums, which is now defunct. This is a post from HackRead.com.

Consumer Data: The Risk and Reward for Manufacturing Companies

To adequately address privacy, manufacturers need to think differently about data.

WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass

WordPress Abandoned Cart Lite for WooCommerce plugin versions 5.14.2 and below suffer from an authentication bypass vulnerability.